Error AADSTS50105 - The signed in user is not assigned to a role for the application

This article provides a resolution to the AADSTS50105 error that occurs during federated authentication with Microsoft Entra ID.

Note

Was this article helpful? Your input is important to us. Please use the Feedback button on this page to let us know how well this article worked for you or how we can improve it.

Symptoms

You receive the following error message when you try to sign in to an application that has been set up to use Microsoft Entra ID for identity management using SAML-based Single Sign-On (SSO):

Error AADSTS50105 - The signed in user is not assigned to a role for the application.

Cause

The user hasn't been granted access to the application in Microsoft Entra ID. The user must belong to a group that is assigned to the application, or be assigned directly.

Note

Nested groups are not supported, and the group must be directly assigned to the application.

Resolution

To assign one or more users to an application directly, see Quickstart: Assign users to an app.

More Information

For a full list of Active Directory authentication and authorization error codes, see Microsoft Entra authentication and authorization error codes.

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.